MDVSA-2013:147

Problem description

A vulnerability has been found and corrected in libarchive:

Fabian Yamaguchi reported a read buffer overflow flaw in
libarchive on 64-bit systems where sizeof(size_t) is equal
to 8. In the archive_write_zip_data() function in libarchive/
archive_write_set_format_zip.c, the "s" parameter is of type size_t
(64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is
larger than MAX_INT, it will not be set to "zip->remaining_data_bytes"
even though it is larger than "zip->remaining_data_bytes", which
leads to a buffer overflow when calling deflate(). This can lead to a
segfault in an application that uses libarchive to create ZIP archives
(CVE-2013-0211).